Generally, entities such as enterprises and other organizations implement password-based user authentication to control access to computing resources and networks. Commonly the authenticating information includes a username and user-entered password. One drawback of using usernames and passwords as an authentication method is that passwords tend to be easy for a computer program to guess. Several password-guessing algorithms already exist that can decipher a password when they are given sufficient time and resources. Example password guessing algorithms include Dictionary Attacks, Hybrid Dictionary Attacks, and Brute Force Attacks. Although a broad lockout may stall or stop a password attack, such an approach also prevents legitimate users from logging onto the network. Thus, an attacker could easily mount a denial-of-service attack by repeatedly presenting invalid username-password combinations in order to trigger a broad lockout of the network.